According to Blackberry, a Russian-speaking ransomware group has updated its attack tools to include a Veeam exploit to harvest logins. The discovery came from investigations into attacks by the Cuba group in a US critical national infrastructure provider and a South American IT integrator. The group is in its fourth year of operation and is using a tweaked set of tactics, techniques and procedures in its attacks.
One of the discoveries made by Blackberry was Cuba’s exploitation of CVE-2023-27532, a vulnerability in Veeam Backup & Replication software. The exploit is used to steal credentials from configuration files on the victim’s device. It abuses an exposed API on a component of the Veeam application; the vulnerability exists in any version of Veeam Backup & Replication prior to version 11a. The bug was also exploited by the FIN7 group in March. A joint advisory issued by US authorities last year stated that Cuba ransomware had compromised 100 organizations by August 2022 and received as much as $60m in payments.
Read More: Cuba Ransomware Group Steals Credentials Via Veeam Exploit